<?php
include_once('inc/init.php');
include_once('inc/functions.index.php');
?>
<?php
// Define some variables.
$error_msg = "";
$email = "";
$email = stripslashes($_REQUEST['email']);
$sent = false;

// Verify if the form was sent.
if (isset($_REQUEST['action'])) {
	$email = stripslashes($_REQUEST['email']);	
	if (strlen($email)==0) {
		$error_msg .= "<p> '<strong>Your e-mail address</strong>' field is empty. </p>";
	}else{
		$error_msg = Recover_password($email);
	}
}

function Recover_password($email){
	global $sent;
	// Check if the email has been used before
	$sql_cmd = "select * from users where email = '$email'";
	$sql_query = mysql_query($sql_cmd) or die(mysql_error());
	if (mysql_num_rows($sql_query)==0) {
		return "<p>The e-mail address that you provided does not exist.</p>";
	} else {
	
		// Create password key
		$lost_pass_key=md5(generatePassword(5).time());
		$sql_cmd = "UPDATE users SET lost_pass_key = '$lost_pass_key' WHERE email='$email'";
		$sql_query = mysql_query($sql_cmd) or die(mysql_error());
		
		// Send email
		$to      = $email;
		$subject = 'The Finger For, Recover Password';
		$body    = "Hello dear user,\n\n";
		$body   .= "A password recovery request was sent from Thefingerfor website \n";
		$body   .= "If you did that request and you want a new password click on the link bellow: \n";
		$body   .= MAIL_URL. "new_password.php?reset=$email&lost_pass_key=$lost_pass_key \n\n";
		$body   .= "If you didn't request a new password, just delete the email \n";
		$body   .= "Best regards,\n";
		$body   .= "The Finger For Team.";
		$headers = 'From: ' . FROM_EMAIL . "\r\n" .'Reply-To: ' . FROM_EMAIL . "\r\n" .'X-Mailer: PHP/' . phpversion();
		mail($to, $subject, $body, $headers);
		$sent=true;
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Forgot Password - The Finger For</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<?php include_once('template/head.php');?> 
</head>

<body>
	<div id="wrap">
		<!-- header -->
		<?php include_once('template/header.php'); ?>
		<!-- body -->
		<div id="body">
			<?php include_once('template/subheader.php'); ?>
			<h1>Recover Lost Password</h1>
			<div class="body">
			
			<?php 
			if ($sent): ?>
				<p class="form_item">
					Your password recovery was sent to your email.
				</p>
			<?php else: ?>
				<?php if (strlen($error_msg)>0) { ?>
					<div class="error">
						<?php echo $error_msg; ?>
					</div>
				<?php } ?>			
				<form name="login" action="<?php echo $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'];?>" method="post">
					<p class="form_item">
						<span class="label"> Your e-mail address: </span>
						<span class="desc"> Please enter your e-mail address. </span>
						<input type="hidden" name="action" value="recover" />
						<input value="<?php echo $email; ?>" type="text" name="email" class="inputwb wide3x" />
					</p>
					<p class="form_item">
						<span class="desc">Send email!</span>
						<input type="submit" class="dark_btn" value="Recover" />
					</p>
				</form>
			<?php endif; ?>
				</div>
		</div>
		<!-- footer -->
		<?php include_once('template/footer.php'); ?>
	</div>
	<br /><br /> <!-- keep some space with the bottom -->
</body>
</html>
<?php mysql_close($db); ?>